is a software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples. It offers support for DNS, HTTP, FTP, SMTP, among others.
Here is a great blog post on setting up InetSim for your lab environment:
Simulating Network Traffic
Configure INetSim
$ sudo vi /etc/inetsim/inetsim.conf
The below need to be uncommented and specified.
service_bind_address <Our machine's/VM's TUN IP>
dns_default_ip <Our machine's/VM's TUN IP>
dns_default_hostname www
dns_default_domainname iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
Initialize INetSim
$ sudo inetsim
INetSim 1.3.2 (2020-05-19) by Matthias Eckert & Thomas Hungenberg
Using log directory: /var/log/inetsim/
Using data directory: /var/lib/inetsim/
Using report directory: /var/log/inetsim/report/
Using configuration file: /etc/inetsim/inetsim.conf
Parsing configuration file.
Configuration file parsed successfully.
=== INetSim main process started (PID 34711) ===
Session ID: 34711
Listening on: 0.0.0.0
Real Date/Time: 2023-06-11 00:18:44
Fake Date/Time: 2023-06-11 00:18:44 (Delta: 0 seconds)
Forking services...
* dns_53_tcp_udp - started (PID 34715)
* smtps_465_tcp - started (PID 34719)
* pop3_110_tcp - started (PID 34720)
* smtp_25_tcp - started (PID 34718)
* http_80_tcp - started (PID 34716)
* ftp_21_tcp - started (PID 34722)
* https_443_tcp - started (PID 34717)
* pop3s_995_tcp - started (PID 34721)
* ftps_990_tcp - started (PID 34723)
done.
Simulation running.
Configure Windows Pwnbox
On the Windows host go to Settings -> Network -> Change adapter options -> Select adapter & click Properties.
Click "Internet Protocol Version 4 (TCP/IP) -> "Properties"
